CN101547099B - Elliptical curve-based method and elliptical curve-based device for self-authenticating signature - Google Patents

Elliptical curve-based method and elliptical curve-based device for self-authenticating signature Download PDF

Info

Publication number
CN101547099B
CN101547099B CN2009100831841A CN200910083184A CN101547099B CN 101547099 B CN101547099 B CN 101547099B CN 2009100831841 A CN2009100831841 A CN 2009100831841A CN 200910083184 A CN200910083184 A CN 200910083184A CN 101547099 B CN101547099 B CN 101547099B
Authority
CN
China
Prior art keywords
signature
entity
private key
produce
pki
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009100831841A
Other languages
Chinese (zh)
Other versions
CN101547099A (en
Inventor
张键红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN2009100831841A priority Critical patent/CN101547099B/en
Publication of CN101547099A publication Critical patent/CN101547099A/en
Application granted granted Critical
Publication of CN101547099B publication Critical patent/CN101547099B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an elliptical curve-based method for self-authenticating signature, an extended signature method thereof, and a signature verification process. An authentication authorized organization generates part of signature private keys of a signature entity; and the signature entity uses part of self-selected private keys as well as received private keys from the authentication authorized organization to generate a signature private key. With an elliptical curve, the calculation efficiency is improved. And the invention provides an elliptical curve-based method for one-to-one self-authenticating signature, a method for self-authenticating aggregate signature and a method for generating a self-authenticating signature off line. The security of the methods is based on an SDH+CDH assumption put forward. The plurality of methods provided can meet the security requirement of signature protocols, improve signature efficiency to some extent and meet requirements of some special conditions.

Description

Endorsement method of authentication certainly and device based on elliptic curve
Technical field
The present invention relates to the digital signature technology in password field, from the authentication technology, by in conjunction with the elliptic curve cipher technology, and utilize the communication apparatus of computer and other types, realize from the design that authenticates signature system by network or other approach, thereby can be used as structure safety, the module of fair ecommerce, E-Government etc.
Background technology
Private key in the digital signature scheme is to be chosen by entity oneself generally, and secret keeping, and the corresponding PKI that is produced need produce a certificate by a certification authority and authenticate.In signature process, the signature entity utilizes its private key to sign to any message, when a verifier verified the validity of a signature, the validity of certifying signature person public key certificate at first utilized the PKI of signer to verify the validity of information signature again.Under this traditional PKI public key system, certification authority need be to the generation of client public key certificate, upgrade, cancel and complex operations such as distribution manages, thereby brought white elephant to certification authority, also increased the amount of calculation of verifier's checking.And based on the public key system of identity, adopt user's identity, as: IP address or email address etc. are as user's PKI, deleted the complex management of public key certificate in the conventional P KI public key system, yet user's private key needs a private key generation center (PKG) to produce, and the user must trust this PKG fully, thereby, exist the key escrow problem based on the public key system of identity.In real society, this trust can't guarantee fully.
In order to delete in the conventional P KI system certification authority, and ask that based on the key escrow in the identity public key system we propose a kind of from authenticating signature system to the complex management of public key certificate.In this system, the generation of private key for user is to be finished jointly by user and authenticating authority mechanism.
The signature scheme of authentication certainly that the present invention proposes based on elliptic curve, be different from digital signature scheme under the conventional public-key cryptographic system, also be different from based on signature scheme under the identity public key system, it has been deleted the drawback of these two kinds of public key systems and has inherited their advantage.In this scheme, the private key of signature entity is made up of two parts, and a part is at Z by the signature entity pIn at random a unit usually produce, another part is by the public affairs/private key of certification authority by oneself, signature identity of entity and PKI and system parameters thereof to be produced, so not only can so that the signature entity PKI by the checking of implicit expression, and can effectively solve the trustship problem of key, simultaneously, also deleted the complex management to public key certificate to authenticating authority mechanism.Effectively limited the abuse of the right of authenticating authority mechanism, information signature is forged with the name of signature entity by the authenticating authority mechanism that has stopped malice.The signature entity only under the help of authenticating authority mechanism, could obtain effective signature private key.Therefore, not the entity of deciphering knowledge also can from this signature scheme, be benefited.
Elliptic curve is a most important class research object in the algebraic geometry, and wherein the bilinearity in the elliptic curve is to being that the Weil of algebraic curve and Tate are to being the important tool of algebraic geometry research.Discrete logarithm problem on the elliptic curve far is difficult to discrete logarithm problem, and unit bit intensity will be far above traditional discrete logarithm system in elliptic curve cipher system.Therefore under the situation of using short key, ECC can reach the identical fail safe in the DL system.This benefit of bringing is exactly that calculating parameter is littler, and key is shorter, and arithmetic speed is faster, and it is also shorter and smaller to sign.Therefore elliptic curve cipher is particularly useful for processor speed, bandwidth and power consumption occasions with limited.At present, many digital signature schemes based on elliptic curve are suggested, especially many digital signature based on identity ID.Along with the development of digital signature, in order to satisfy different practical requirements, the digital signature scheme of different situations has appearred adapting to.But about the generation of signature key, the trustship of key but is the difficult point and the emphasis of research always.
Neal Koblitz in 1985 and Victor Miller propose respectively elliptic curve is used for common key cryptosystem, and have realized already present public key algorithm with elliptic curve.Cryptographic algorithm based on elliptic curve discrete logarithm problem intractability is called as elliptic curve cryptography (Elliptic Curve Cryptography is called for short ECC), becomes the public key algorithm that international cryptography circle is accepted extensively.
US4200770 provided one can be in overt channel the method and apparatus of interchange key, this method is called the public-key cryptography exchange or is called the Diffie-Hellman key exchange method.This patent makes communicating pair use a modular function to consult and transmits their secret information, solved the trouble of some key management aspects of design safety cryptographic system.In the common key cryptosystem, each entity has private key and the PKI of oneself, and private key has only entity oneself to know, PKI does not need to stop disclosing of PKI then by system management, because its secret is unnecessary in secure communication and digital signature.But, public-key cryptosystem is faced with familiar authentication question, for example, it is effective that entity offers the signature entity, but wrong PKI, the signature entity utilizes this PKI that secret information is encoded, and coding will might perhaps be gained the information that the signature entity accepts to contain invalid signature by cheating by the entity decoding beyond the signature entity.The method of the most familiar authentication PKI is to utilize clear and definite certificate, as X.509.When certain entity will use the PKI of other entities, the former must verify the authenticity of this PKI in advance.The assailant will seek out the secret information of transmission, must solve discrete logarithm problem, if the parameter of using is enough big, separating discrete logarithm problem is an intractable problem.
Under conventional public-key PKI framework, user's PKI is a string nonsensical character string, and has a public key certificate associated.In order to simplify the management of certificate, common key cryptosystem based on identity has been proposed at Shamir in 1984.At the PKI based on identity is to be produced by the signature identity of entity, and corresponding private key is produced by a trustworthy certification authority.Obviously, this system exists a fatal problem: the key escrow problem.Certification authority is understood the private key of the entity that bears the signature, for a dishonest certification authority, and its can anyly forge a signature signature of entity.In 1991, the public key system of authentication certainly that Girault proposes was as except based on a kind of optional public key system the cryptographic system of identity and the traditional public key cryptography system.This public key system has not only been deleted the certificate management of the complexity under the conventional public-key system, has also overcome based on the key escrow problem in the identification cipher system.The private key of signature entity is united generation by certification authority and signature entity itself, has effectively stopped the illegal operation of dishonest certification authority; In application, the public key certificate of signature entity is to be verified in the implicit expression mode.In Petersen in 1997 and Hoster will expand to cryptographic system based on discrete logarithm from the PKI of authentication, a lot of signature schemes of authentication certainly based on discrete logarithm have also appearred thereupon, but because the operand of discrete logarithm is bigger, calculate more complicated, cumbersome for choosing of key, so this class signature scheme is not very effective, the advantage of self-certified public key system does not embody.With respect to discrete logarithm, the amount of calculation of elliptic curve is little, fast operation, but regrettably utilize the elliptic curve structure also not have the formal strict difinition that provides from the signature scheme of authentication, therefore need the certainly signature scheme of authentication of definition based on elliptic curve.
A kind of effective safety hypothesis, this supposes it is the certainly foundation for security of the signature scheme of authentication of structure based on elliptic curve safely.Signature scheme for structure safety, what utilize usually is strong Diffie-Hellman hypothesis (strong Diffie-Hellman (SDH) assumption) and computational Diffie-Hellman hypothesis (Computational Diffie-Hellman (CDH) assumption), a kind of in order to construct safely and effectively based on the signature scheme of authentication certainly of elliptic curve, the present invention has provided a kind of new, the hypothesis of provable security, we claim that it is strong Diffie-Hellman hypothesis+computable Diffie-Hellman hypothesis, this hypothesis combines two safety hypothesis, utilize the difficulty of computable Diffie-Hellman hypothesis, illustrate and the difficulty of the hypothesis of constructing between two hypothesis of being familiar with, be the effective tool of the signature scheme of authentication certainly of constructing safely and effectively based on elliptic curve.
A kind of effective key generation method of authentication certainly based on elliptic curve.Generally, the private key of signature entity has only and oneself knows, and is a character string at random by the PKI that private key produced, and be not easy to memory, and this PKI needs an authenticating authority mechanism to authenticate.Development along with ecommerce and Internet technology, computing capability is little, bandwidth and internal memory are limited mobile device and portable equipment are popularized day by day, the article " Self-certified public keys (self-certified public key) " that how to design the more and more urgent .1991 Girault of the complicated management of effective signature technology and simplification is published in Pro.of the Eurocrypt ' 94,491-497, the structure and the generation of self-certified public key have been proposed, but the generation for private key reaches the private key of authentication certainly of how to construct based on elliptic curve, does not provide concrete description.From the authentication signature system, not only can simplify management and deletion key escrow problem, and can reduce the amount of calculation of verifier signature verification to public key certificate.And elliptic curve cipher has under equal security intensity, the short characteristics of signature length; Therefore, we need construct a kind of safely and effectively based on the method that authenticates key certainly of elliptic curve.
A kind of effectively from authenticating signature system, promptly a signature entity utilizes private key that message M is produced signature, and the verifier can utilize user's the identity ID and the PKI Pca at authenticating authority center to come this information signature is verified.Petersen in 1997 and Hoster will expand to from the PKI of authentication in the cryptographic system based on discrete logarithm, article " Self-certified keys-concept and application (Ren Zheng key-notion and application certainly) " is published in Pro.of the Communication and Multimedia Security ' 97,102-116.But compare with elliptic curve, the amount of calculation of discrete logarithm, arithmetic speed are all undesirable, and this endorsement method can make the signature entity under the help of certification authority, obtains effective signature key, and realize the signature intact to message.But, the formalization definition based on the signature scheme of authentication certainly of elliptic curve does not also appear, therefore, need a kind of endorsement method of authentication certainly based on elliptic curve.
A kind of effective aggregate signature method, the entity of promptly signing is signed to multiple messages, and the verifier can carry out simultaneous verification rather than checking respectively to these information signatures.Exist many signature schemes at present, but these schemes all in various degree have a defective, to a plurality of information signatures checking the time, the length of signature can become along with the increase of information signature greatly such as, verifier, amount of calculation, computational burden also phase strain are big etc.Need a kind ofly can satisfy the verifier can be to the endorsement method of multiple messages signature verification.Therefore, need a kind of effective aggregate signature method of authentication certainly based on elliptic curve.
A kind of on-line based on elliptic curve is from authenticating endorsement method, can the on-line state under, be the signature scheme that the signature entity produces information signature.In actual applications, line duration is more important than the signature time, and not all signature process all is to finish under the presence, if can still can finish signature under off-line state, then can improve signature efficient greatly, saves unnecessary waste.Calendar year 2001 A.Shamir, the article of Y.Tauman " Improved online/offline signature schemes (improved on-line signature scheme) " is published in Advances in crypt ' 2001,355-367.Yet based on elliptic curve, the method that can finish simultaneously from the authentication signature under/off-line state does not but occur.Therefore, need the endorsement method of a kind of on-line based on elliptic curve, under/off-line state, can handle, produce endorsement method from the authentication signature to message from authentication.
Therefore, one of purpose of the present invention provides a kind of effective SDH+CDH hypothesis.Two of purpose of the present invention provides a kind of effective endorsement method of authentication certainly based on elliptic curve.Three of purpose of the present invention provides a kind of effective, based on the aggregate signature method of authentication certainly of elliptic curve.Four of purpose of the present invention provide a kind of based on elliptic curve at/off-line from authenticating endorsement method.A kind of difficulty is lower than Computational Diffie-Hellman (CDH) Assumption and is higher than the new hypothesis q-SDH+CDH Assumption of q-Strong Diffie-Hellman Assumption, and this hypothesis particular content comprises:
Choose first cyclic group G of definition 1
Choose first cyclic group G 1In q unit array With an array
Utilize q-SDH Assumption and CDH Assumption to suppose to choose Make and in polynomial time, find with the probability of can not ignore
Figure GSB00000515198800064
Be impossible.
A kind of based on elliptic curve, produce method and checking about the signature of the authentication certainly Sig of message M, a signature entity produces signature δ to message M, and last, a verifier utilizes verification algorithm that this signature δ is verified that particular content comprises:
In system initialisation phase, choose the first cyclic group G 1With the second cyclic group G 2(exponent number is big prime number p);
Choose a nonsingular bilinearity to mapping e, satisfying can be by G 1In two element map to G 2In an element;
Choose the first cyclic group G 1Generator g;
The residue class Z of picked at random mould p pIn an element α as the private key of CA, and produce P CA=g αAs the CA PKI;
User U iThe residue class Z of picked at random mould p pIn an element x i(i=1,2 ..., n) as U iThe part private key, and produce
Figure GSB00000515198800065
As signature entity U iThe part PKI;
Choose the first hash function H 1, can produce the first cyclic group G by the first string binary number 1In an element;
Choose the second hash function H 2, can produce residue class Z by the second string binary number pIn an element;
Choose the 3rd hash function H, can produce residue class Z by the 3rd string binary number pIn an element;
Authority authorization center CA and user U iCarry out interactive operation and produce user U iProduce user's private key.When CA receives user U i(IDi, Pi), CA utilizes its PKI and (IDi Pi) calculates h as the input of the first hash function value for the information of sending 1=H 1(P CA, ID i, P i), and then utilize its private key to produce user U iThe part private key And return to user U i
As user U iReceive part private key d iAfter, utilize (P i, P CA, ID i) verify U by following equation iPart private key d iValidity
e ( d i , P CA g - H 2 ( P i , ID i ) ) = e ( h 1 , g ) .
At last, signature entity U iPrivate key be (x i, d i), wherein (i=1,2 ..., n);
In the signature stage, in order to produce signature, user U to message M iProduce a signature by authenticating signature algorithm certainly.Specific as follows:
1. the residue class Z of picked at random mould p pIn an element s;
2. calculate
Figure GSB00000515198800073
Figure GSB00000515198800074
M=H (δ 2, M, P i).
3. produce the signature Sig=(δ of authentication certainly of message M 1, δ 2)
In the signature verification stage, Sig=(δ 1, δ 2) and message M as an input of demo plant, this demo plant work is as follows:
1, checking client public key U iAuthenticity, step is: by confirming
Figure GSB00000515198800075
Come the authenticity of verification public key;
2, by confirming
Figure GSB00000515198800076
Verify (δ from authentication signature Sig= 1, δ 2) validity.
A kind of based on elliptic curve, generation is about the method that authenticates aggregate signature Sig certainly and the checking of message, the signature entity can be signed to different message, at last these information signature polymerizations are generated final signature, when checking, as long as the verifier is the resulting signature of checking polymerization, just mean that all information signatures are correct, by this method the amount of calculation of signature verification and speed ratio are improved a lot than the checking of all single information signatures, and the signature length after the polymerization obviously shortens than the length of all single signatures, and this system comprises:
Certification authority and signature entity carry out the sign signature key of entity of an interactive operation; The signature key that the utilization of signature entity is produced comes different messages is produced signature according to the top ciphering signature of authentication certainly method.At last, the signature entity aggregates into a final signature to the signature that different messages is produced.
When a verifier verifies the aggregate signature of several different messages, he utilizes previously selected bilinearity mapping and selected hash function to be verified the validity of aggregate signature, if this aggregate signature satisfies the checking equation, this is effective with regard to the signature that means these several different messages.
One can produce the offline/online system of signing to a message M by a signature entity, and this system is divided into online and two stages of off-line.This signature entity is finished the main calculating process of signature under off-line (offline) state; Under presence, the signature entity uses less amount of calculation to produce message M signature based on the result of calculation under the off-line state.This system comprises:
A Certificate Authority structure and the entity of signing carry out interactive operation, produce the signature key of signature entity, each signature entity correspondence different signature keys separately, and signature entity and certification authority produce the signature private key of the entity of signing jointly;
One and certification authority, the processor that the signature entity transmits mutually, this processor can utilize previously selected hash function, the input of certification authority or signature entity generates a functional value, and utilize the private key of this functional value and signature entity, associated public key generates the signature of authentication certainly of signature entity; And, this processor can be under off-line state, selection secret information at random and a random number, utilize previously selected function, the private key of signature entity generates an off-line signature, in the on-line signature stage, this processor can use the off-line signature that is generated and wait to sign message M under off-line state, generate an online signature of authentication certainly jointly;
A processor that transmits mutually with the signature verifier, this processor can utilize previously selected bilinearity to mapping, selected hash function, above onlinely verifying of generating of processor from the authentication signature, if by checking, determine the authenticity of this signature.
Summary of the invention
The present invention has provided reliable theoretical basis, has proposed safety, key effectively and fast, signature production method.
The objective of the invention is to propose a kind of new effective elliptic curve from authenticating endorsement method.This endorsement method is based on the elliptic curve discrete logarithm problem, and this problem has high complexity, thereby has higher specific of unit security intensity, can shorten the digital signature length with identical security intensity greatly, accelerates signature speed.
One of content of the present invention has proposed effective SDH+CDH hypothesis.Utilize to solve the difficulty of strong SDH and CDH hypothesis, both difficulty is combined, constructed effective SDH+CDH hypothesis.The probability that solves the SDH hypothesis in polynomial time is negligible, the probability that solves the CDH hypothesis in polynomial time also is negligible, be lower than solution CDH hypothesis owing to propose the difficulty of hypothesis, solve the SDH hypothesis and be higher than, learn that the probability that solves the SDH+CDH hypothesis in polynomial time also is negligible.Utilize the SDH+CDH hypothesis, can produce the effective signature scheme of authentication certainly based on elliptic curve, the security model and the fail safe of structural scheme prove.
Two of content of the present invention has proposed a kind of effective key generation method of authentication certainly based on elliptic curve.In traditional public key cryptosyst, user's private key can oneself produce or be produced by a certification authority, then, generates corresponding public key, and this PKI is a character string at random, generally is not easy memory; Corresponding public key needs a certification authority to authenticate the validity of this PKI simultaneously.Therefore, the problem of bringing is: when certifying signature, the verifier at first needs the validity of PKI, then, utilizes this PKI to come the validity of certifying signature again.Obviously, be not suitable at present popular low calculating, the low mobile device that calculates.The private key of signature entity can only just can be finished under the help of certification authority among the present invention.Specific as follows: as to produce first cyclic group and second cyclic group, select a nonsingular bilinearity mapping, make to access a element in second cyclic group by two elements in first cyclic group.Select the generator of first cyclic group, and produce the generator of second cyclic group.One element among the picked at random residue class Zq, the key of generation certification authority.The signature entity selects a number as the part private key in residue class Zq at random, and produce corresponding part PKI, certification authority is utilized its private key, signature identity of entity and first, second hash function, generate the other part private key of signature entity, at last, the signature entity can lump together two parts key, produces signature key.
Three of content of the present invention has proposed a kind of method of effectively signing based on the authentication certainly of elliptic curve.Specific as follows: as to produce first cyclic group and second cyclic group, select a nonsingular bilinearity mapping, make to access a element in second cyclic group by two elements in first cyclic group.Select the generator of first cyclic group, and produce the generator of second cyclic group.One element among the picked at random residue class Zq, the key of generation certification authority.The part private key that the signature entity is chosen produces corresponding part PKI, and certification authority is utilized its private key, user's identity and the first, the second hash function, generates the other part private key of signature entity.The signature entity utilizes signature private key, selects random number, utilizes the PKI of hash function and identity of oneself and certification authority to come message is signed.Can be from the authentication signature by nonsingular bilinearity mapping, the PKI of certification authority and signature identity of entity, and hash function is finished the checking of signature.
Four of content of the present invention, proposed a kind of effectively based on elliptic curve, the endorsement method of authentication certainly of polymerization.The signature entity utilizes signature key that no message is signed, and then, these different information signature polymerizations is got up, and generates an aggregate signature.Then, this aggregate signature can be by nonsingular bilinearity mapping, the PKI of certification authority and signature identity of entity, and selected hash function is finished the checking of signature.
Five of content of the present invention, proposed a kind of based on elliptic curve at/off-line endorsement method from authentication, can under/off-line state, be that the signature entity produces information signature.Utilize previously selected function, the input of certification authority or signature entity generates the message functional value, and utilizes the private key of message functional value and signature entity, and the PKI of certification authority generates the signature of authentication certainly of signature entity; Line duration is more important than the signature time usually, under the off-line state, selection secret information at random and a random number, select a piece of news at random, utilize previously selected function, the private key of signature entity generates an off-line signature, in the processing afterwards, this processor can be under presence, can utilize identify with the random number that comprised in the signature that is complementary to message authenticate.Therefore, need a kind of based on elliptic curve at/off-line endorsement method from authentication, finish endorsement method to information signature.
Description of drawings
Fig. 1 is a flow chart, and this figure has introduced two operating process of content of the present invention, described how to produce a kind of effectively based on the method that authenticates key certainly of elliptic curve;
Fig. 2 is a flow chart, and this figure has introduced three operating process of content of the present invention, has described how to produce a kind ofly effectively based on elliptic curve, and signature entity carries out method from the authentication signature to a piece of news;
Fig. 3 is a flow chart, and this figure has introduced four operating process of content of the present invention, described how to produce a kind of effectively based on elliptic curve, Ren Zheng aggregate signature method certainly;
Fig. 4 is a flow chart, and this figure has introduced five operating process of content of the present invention, described how to produce a kind of based on elliptic curve at/off-line endorsement method from authentication;
Fig. 5 is the block diagram of signature apparatus of the present invention.
Embodiment
The endorsement method of authentication certainly based on elliptic curve proposed by the invention can provide safety, and fast, succinct and effective endorsement method by the signature key setting to the signature entity, has prevented the extension of signature right.The endorsement method of authentication certainly that the present invention proposes based on elliptic curve, according to different signature entities, signature information, can expand to the aggregate signature that satisfies one-to-many, promptly a signature entity carries out from the authentication signature different messages, then, these information signatures are aggregated into the method for a signature; In order to improve the speed of on-line signature, provided a kind of at/off-line from authenticating the information signature method.
The endorsement method of authentication certainly based on elliptic curve of the present invention needs a certification authority CA in user's part private key produces.The signature entity is in the process that produces signature key, transmit alternately with this certification authority, random number among residue class Zp of signature entity selection is as the part signature private key of oneself, certification authority utilization signature identity of entity, specific informations such as part PKI, produce the other part signature private key of signature entity, the signature entity obtains effective signature private key with the combination of two parts private key.Certification authority among the present invention is being not a complete trust authority, and the private key of signature entity no longer includes it and produces fully, its can not forge a signature signature of entity.
The endorsement method of authentication certainly based on elliptic curve that the present invention proposes comprises 4 steps: set up model, key produces, signature, and checking.Signature step under the off-line state then also needs to choose random information and several two steps of identification and matching.
In setting up model, this algorithm input security parameter 1 k, certification authority CA chooses secret parameter as private key, and is used for producing common parameter params, comprises the first cyclic group maker, hash function, bilinearity mapping function and PKI.The generation of private key has only the CA of certification authority to know, parameter p arams is disclosed.
In key produced, the signature entity was chosen the part private key of oneself, and generates corresponding part PKI.The signature entity is with identity information, and the part PKI passes to certification authority, and certification authority is utilized hash function, through handling, another part private key of the entity that obtains signing passes to the signature entity, by checking, the signature entity is determined the authenticity of private key, produces signature private key.
In signature process, the signature entity is chosen a secret parameter, utilize the first cyclic group maker, the identity information of oneself, common parameter, the hash function generating unit is divided signature, utilizes this part signature and message to obtain the message function, signature private key obtains another part signature to the message function signature again, two parts signature is closed the signature of authentication certainly that produces signature information.
In proof procedure, utilize the hash function value, common parameter params and message are handled, obtain the message functional value.Checking generates parameter, the message functional value, and the authentication signature waits and whether satisfies the checking equation certainly, obtains conclusion " acceptance " (signature is effectively) or " refusal " (it is invalid to sign).
Elliptic curve
High efficiency of the present invention is based on the computing terseness on the elliptic curve.The endorsement method that the present invention proposes is based on elliptic curve, utilizes right on the elliptic curve, to right with Weil, carries out computing such as Tate.It is the cyclic group of big prime number q that the present invention utilizes two rank, and one is the module G that puts in elliptic curve or the Abel family 1, its maker is g; Another is the multiplicative group G on the finite field 2There is a kind of bilinearity mapping function e:G between two cyclic groups 1* G 1→ G 2, with module G 1In two element map to multiplicative group G 2In an element.Require this function to satisfy: at first bilinear, for G 1In element u, v, integer a, b satisfies e (u a, v b)=e (u, v) AbSecondly, nonsingular, promptly for G 1In element g, satisfy e (g, g) ≠ 1; Once more, computable, for G 1In element u, v, exist effective algorithm computation e (u, v).Except three top requirements, this function also should be symmetrical, promptly e (u, v)=e (v, u).2 points that the computing of putting on the elliptic curve, horizontal ordinate are intercoursed satisfy symmetry, and the mapping point that obtains on elliptic curve is identical.The computable Diffie-Hellman hypothesis of strong Diffie-Hellman+.
Fail safe of the present invention is based on strong Diffie-Hellman hypothesis-strong Diffie-Hellman (SDH) assumption and computable Diffie-Hellman hypothesis-Computational Diffie-Hellman (CDH) assumption, wherein, the former is defined in (g 1, G 2) in, g 1, g 2Be respectively G 1And G 2Maker, provide q+2 unit array
Figure GSB00000515198800131
For unknown integer c, obtain
Figure GSB00000515198800132
The latter is defined in G 1On, g 1Be G 1Maker, provide
Figure GSB00000515198800133
For unknown integer x, y obtains
Figure GSB00000515198800134
For two kinds of top hypothesis, the present invention proposes a kind of new strong Diffie-Hellman hypothesis+computable Diffie-Hellman hypothesis of hypothesis.This hypothesis is on difficulty, between strong Diffie-Hellman hypothesis and computable Diffie-Hellman hypothesis.This hypothesis is defined in G equally 1On, g 1Be G 1Maker, provide q unit array With 2 yuan of arrays
Figure GSB00000515198800136
For integer c, r obtains
Figure GSB00000515198800137
If the computable Diffie-Hellman hypothesis of strong Diffie-Hellman+ can solve in polynomial time, make q=2, then this hypothesis is converted into computable Diffie-Hellman hypothesis, and explanation can solve computable Diffie-Hellman hypothesis in polynomial time.In fact computable Diffie-Hellman hypothesis is equivalent to inversion operation, is indeterminable in polynomial time.Therefore, the computable Diffie-Hellman hypothesis of the strong Diffie-Hellman+ of proposition can not solve with the probability of can not ignore in polynomial time too.
As mentioned above, the computable Diffie-Hellman hypothesis of the strong Diffie-Hellman+ of proposition is defined in circulation and adds crowd G 1On, g 1Be G 1Maker, import q unit array
Figure GSB00000515198800138
With 2 yuan of arrays
Figure GSB00000515198800139
For integer c, r, output
Figure GSB000005151988001310
Output result's probability is decided by g 1, the arbitrariness that c, r choose, and probabilistic algorithm A.If a probability is calculated the A method and can be exported desired value at polynomial time, then this algorithm can solve the computable Diffie-Hellman hypothesis of strong Diffie-Hellman+ with the probability of can not ignore.But the hypothesis that proposes be equivalent to computable Diffie-Hellman hypothesis in essence, and the difficulty of computable Diffie-Hellman hypothesis is based on the problem of inverting of discrete logarithm.The problem of inverting of discrete logarithm is defined in circulation and adds crowd G 1On, g 1Be G 1Maker, the input
Figure GSB00000515198800141
For unknown integer x, output x.In polynomial time arbitrarily, can not solve the problem of inverting of discrete logarithm with the probability of can not ignore, can draw, can not in polynomial time, solve computable Diffie-Hellman hypothesis with the probability of can not ignore, therefore can not in polynomial time, solve the computable Diffie-Hellman hypothesis of strong Diffie-Hellman+ with the probability of can not ignore.This hypothesis is the theoretical foundation that certainly authenticates signature scheme of structure based on elliptic curve.Because the difficulty of this hypothesis, the signature scheme that authenticates certainly based on elliptic curve that the present invention proposes is safe.
The key generation method of authentication certainly based on elliptic curve
Under traditional PKI framework, choosing of signature private key, generally, be that signature entity secret is chosen, generate corresponding public key then, and this PKI is authenticated by a certification authority, perhaps, produce a pair of public affairs/private key by certain certification authority, private key is returned to the user, and PKI is authenticated.This private key production method brings a series of trouble for the checking of public key management and signature.Under the system based on identity, user's private key is to be produced by a trust authority, thereby, exist the key escrow problem.In order to solve the conventional public-key system and based under the identity public key system, key produces the problem of being brought, we study the key generation method from authentication, the signature entity can only produce the part private key, and another part is signed as the part private key by certification authority identity and BBS of part PKI generation to the user, and is last, two parts private key is combined, constitute signature private key.The signature entity can't produce effective signature private key separately, and the introducing of certification authority will make user's PKI study with the implicit expression form when the signature verification.
Benq is in the concrete production method that authenticates signature key certainly of elliptic curve below in conjunction with Fig. 1.What Fig. 1 provided is a flow chart, has described to comprise that signature key produces and checking waits each step.The information of signature entity, the input as hash function passes to certification authority, and generating unit is divided the signature private key.The core of this method is step 106 and step 110: in the step 106, and any selected part private key of signature entity; In the step 110, certification authority generates another part private key of signature entity, and two parts are in conjunction with producing signature private key.
In the step 101, produce two exponent numbers and be all big prime number q, first circulation adds crowd G 1Take advantage of crowd G with second circulation 2
In the step 102, choose G 1Generator be g;
In the step 103, choose a nonsingular bilinearity mapping function e, can be with G 1In two element map to G 2Element;
In the step 104, certification authority is chosen secret integer α as its private key; In the step 105, certification authority produces its PKI P CA=g α
In the step 106, signature entity U iChoose integer x arbitrarily i(i=1,2 ..., n) (i=1,2) as its part private key, the integer that different signature entities is chosen has nothing in common with each other, and different signature process, the integer that same signature entity is chosen is also different;
In the step 107, the signature entity produces the part PKI
Figure GSB00000515198800151
The difference of part signature private key makes the part PKI also inequality;
In the step 108, choose the first, the second hash function, first hash function can produce element in first cyclic group by a string binary number, and second hash function can produce an integer by a string binary number;
In the step 109, the first hash function H 1PKI P by certification authority CA, signature identity of entity ID i, part PKI P iA string binary number of forming produces G 1In element h 0=H 1(P CA, ID i, P i);
In the step 110, utilize the element that obtains in the step 109, the private key cc of certification authority, the second hash function H 2Produce another part private key of signature entity
Figure GSB00000515198800152
Certification authority is passed to the signature entity with this private key, the latter with two parts private key in conjunction with generating signature private key (x i, d i);
In the step 111, utilize bilinearity to mapping e, the checking equation The private key that satisfies the checking equation is right, and the signature entity is thought effectively, accept, otherwise, refusal.
The method that authenticates signature certainly based on elliptic curve
Based on the signature of authentication certainly of elliptic curve, be exactly that a signature entity is to information signature.The method that the present invention proposes, can be in conjunction with the high efficiency of the computing of elliptic curve, simple authentication, key escrow problem and PKI complex management problem have been solved, simultaneously, fail safe of this method and feasibility are based on the difficulty of the computable Diffie-Hellman hypothesis of strong Diffie-Hellman+.
Benq is in the generation method of the signature of authentication certainly of elliptic curve below in conjunction with Fig. 2.What Fig. 2 provided is a flow chart, has described the concrete steps of authentication signature generation certainly.The core of this method is step 210 and step 213: step 210, and part private key that the signature entity will be selected and another part private key combination that is produced by certification authority produce signature private key; Step 213, the signature entity utilizes signature private key, and the 3rd hash function value of message produces the signature from authentication.
Step 201 produces two cyclic group, and first is for adding crowd G 1, second for taking advantage of crowd G 2, exponent number all is big prime number q;
Step 202 is chosen G 1Generator g, and then select group G at random 1In two element h 1, h 2∈ G 1As open parameter;
Step 203 is chosen a nonsingular bilinearity mapping e, can be with G 1In two element map to G 2In;
Step 204, certification authority are chosen secret integer α as its private key.
Step 205, certification authority utilize its private key to produce its PKI P CA=g α
Step 206, signature entity U iChoose integer x arbitrarily i(i=1,2 ..., n) (i=1,2) as its part private key, the integer that different signature entities is chosen has nothing in common with each other, and different signature process, the private key that same signature entity is chosen is also different;
Step 207, the signature entity produces the part PKI
Figure GSB00000515198800161
The difference of part signature private key makes the part PKI also inequality;
Step 208, choose three hash functions, first hash function can produce element in first cyclic group by a string binary number, and second hash function can produce an integer by a string binary number, and the 3rd hash function can produce an integer by a string binary number;
In the step 209, the first hash function H 1PKI P by certification authority CA, signature identity of entity ID i, part PKI P iA string binary number of forming produces G 1In element h 0=H 1(P CA, ID i, P i);
Step 210, the element that utilizes step 209 to obtain, the private key cc of certification authority, the second hash function H 2Produce another part private key of signature entity
Figure GSB00000515198800171
Certification authority is passed to the signature entity with this private key, the latter with two parts private key in conjunction with generating signature private key (x i, d i);
Step 211 utilizes bilinearity to mapping e, the checking equation
Figure GSB00000515198800172
Whether set up, if equation is set up, the signature entity is thought effectively, accept, otherwise, refusal;
Step 212 and 213, the signature entity divides three layers to sign.Ground floor, signature entity picked at random one integer s, the signature entity utilizes certification authority PKI P CA, the second hash function H 2, signature entity identities Information ID i, the part PKI P of signature entity i, signature before generating The second layer, signature entity, signature δ before utilizing 1, signature information M, the part PKI P of signature entity i, the cryptographic Hash m=H (δ of generation message 1, M, P i); The 3rd layer, the signature entity utilizes message cryptographic Hash m, utilizes signature private key (x i, d i), the first and second hash function H 1, H 2, signature entity identities information IN i, the part PKI P of signature entity i, signature before generating Preceding signature and back signature are lumped together, generate signature δ=(δ of message M 1, δ 2);
Step 214 is verified entity arbitrarily, can be by the PKI P of signature entity i, identity information ID i, signature information M, the authenticity of coming certifying signature δ.At first, calculate m=H (δ 1, M, P i) and h 0=H 1(P CA, ID i, P i); Secondly, checking equation
Figure GSB00000515198800175
Whether set up, set up, then think effectively, accept from the authentication signature, otherwise, refusal.
The method that authenticates aggregate signature certainly based on elliptic curve
Based on the authentication aggregate signature certainly of elliptic curve, the entity of signing exactly is to the signature of different messages, and then that these are different information signatures aggregate into the method for a signature.Process at signature is similar to the top endorsement method of authentication certainly, and the signature entity at first utilizes the signature key of oneself that different message is signed, and then, by polymerization the signature of these different messages is aggregated into the short relatively signature of a length; When checking, the verifier just means that these different signatures are effective as long as the signature after the polymerization is effectively verified if set up.Thereby, on the amount of calculation of length of signing and checking, bigger reduction is arranged.
Benq is in the generation method that authenticates aggregate signature certainly of elliptic curve below in conjunction with Fig. 3.What Fig. 3 provided is a flow graph, has described the concrete steps that certainly authenticate aggregate signature generation of signature entity to message.The core of this method is a step 314, and utilization signature entity generates from the signature that authenticates different message, and these information signatures are authenticated aggregate signature certainly in conjunction with producing into one.
Step 301 produces two cyclic group, and first is for adding crowd G 1, second for taking advantage of crowd G 2, exponent number all is big prime number q;
Step 302 is chosen G 1Generator g, and then select group G at random 1In two element h 1, h 2∈ G 1As open parameter
Step 303 is chosen a nonsingular bilinear function e, can be with G 1In two element map to G 2In;
Step 304, certification authority are chosen secret integer α as its private key, in different signature process, and the secret number difference of choosing;
Step 305, certification authority produce its PKI P CA=g α
Step 306, the signature entity is chosen integer x arbitrarily i(i=1,2 ..., n) as its part private key, the integer that different signature entities is chosen has nothing in common with each other, different signature process, and the private key that same signature entity is chosen is also different;
Step 307, the signature entity produces the part PKI
Figure GSB00000515198800181
The difference of part signature private key makes the part PKI also inequality;
Step 308, choose three hash functions, first hash function can produce element in first cyclic group by a string binary number, and second hash function can produce an integer by a string binary number, and the 3rd hash function can produce an integer by a string binary number;
Step 309, the first hash function H 1PKI P by certification authority CA, signature identity of entity ID i, part PKI P iA string binary number of forming produces G 1In element h 0=H 1(P CA, ID i, P i);
Step 310 is utilized the element that obtains in the step 309, the private key cc of certification authority, the second hash function H 2Produce another part private key of signature entity
Figure GSB00000515198800191
Certification authority is passed to the signature entity with this private key, the latter with two parts private key in conjunction with generating signature private key (x i, d i);
Step 311 is utilized Function e, the checking equation If the equation checking is set up, the signature entity is thought effectively, accept, otherwise, refusal;
Step 312 and 313, the process of aggregate signature are divided into three layers.Ground floor, the signature entity is chosen an integer s arbitrarily i, the signature entity utilizes the P of certification authority PKI CA, the second hash function H 2, signature entity identities Information ID i, the part PKI P of signature entity i, signature before generating
Figure GSB00000515198800193
The second layer, signature δ before the signature entity utilizes I1, signature information M i
The part PKI P of signature entity i, the cryptographic Hash m of generation message i=H (δ I1, M i, P i); The 3rd layer, the signature entity utilizes message cryptographic Hash m i, utilize signature private key (x i, d i), the first and second hash function H 1, H 2, signature entity identities Information ID i, the part PKI P of signature entity i, generate the back signature
Figure GSB00000515198800194
Preceding signature and back signature are lumped together, generate message M iSignature δ i=(δ I1, δ I2);
Step 314 is for the signature (δ of n message 1, δ 2..., δ n), wherein satisfy δ i=(δ I1, δ I2).The polymerization process of signature entity is as follows: at first, calculate
Figure GSB00000515198800195
Then, for i=1,2 ..., n, the signature entity calculates m i=H (δ I1, M i, P i); At last, calculate
Figure GSB00000515198800196
So, the aggregate signature that is produced is exactly (δ 1, δ 2).Thus, we as can be seen, our aggregate signature length only is the 1/n of n signature length.When the verifier need verify the validity of this aggregate signature, only need the checking equation
Figure GSB00000515198800197
Whether set up.If set up and just mean that this this aggregate signature is effective.We know from the checking of aggregate signature, and the checking of this aggregate signature only needs 3 (pairing) calculated and 1 exponent arithmetic.The amount of calculation of checking equates with the checking of single signature basically.Annotate: to calculating is calculating the most consuming time in the elliptic curve.
Step 315 is verified entity arbitrarily, can be by the PKI P of signature entity n, identity information ID nAnd system parameters h 1, h 2, come certifying signature (δ 1, δ 2) authenticity.Concrete checking equation
Figure GSB00000515198800201
Whether set up,, then think effective, accept from authenticating aggregate signature if set up, otherwise, refusal.
Based on elliptic curve at/off-line from authenticating endorsement method
Five of content of the present invention, proposed a kind of based on elliptic curve at/off-line endorsement method from authentication.In general, in the signature process, on-line signature is bigger than the off-line cost of signing, the restriction of bandwidth, the restriction of computing capability, all on-line operation is had higher requirement., this method can utilize off-line state to finish the main operation of signature, carries out the signature that message is finished in shirtsleeve operation under presence, saved line duration, improved the efficient of on-line signature, and by to identification selected and signature information coupling random number, the authenticity of certifying signature.
Below in conjunction with Fig. 4 Benq in elliptic curve in/off-line generation method from the authentication signature.What Fig. 4 provided is a flow chart, has described the process that produces under/off-line state from the authentication signature.The core of this method is step 412 and step and step 414.
In the step 412, a certification authority selection secret information and a random number at random utilized previously selected function, and the private key of signature entity generates an off-line signature; In the step 414, under presence, utilize off-line signature, identify with the random number that comprised in the signature that is complementary to message, the authenticity of certifying signature.
Step 401 produces two cyclic group, and first is for adding crowd G 1, second for taking advantage of crowd G 2, exponent number all is big prime number q;
Step 402 is chosen G 1Generator g, and then select group G at random 1In two element h 1, h 2∈ G 1As open parameter
Step 403 is chosen a nonsingular bilinear function e, can be with G 1In two element map to G 2In;
Step 404, certification authority are chosen secret integer α as its private key;
Step 405, certification authority produce its PKI P CA=g α
Step 406, the signature entity is chosen integer x arbitrarily i(i=1,2 ..., n) as its part private key, the integer that different signature entities is chosen has nothing in common with each other, different signature process, and the private key that same signature entity is chosen is also different;
Step 407, the signature entity produces the part PKI
Figure GSB00000515198800211
The difference of part signature private key makes the part PKI also inequality;
Step 408, choose three hash functions, first hash function can produce element in first cyclic group by a string binary number, and second hash function can produce an integer by a string binary number, and the 3rd hash function can produce an integer by a string binary number;
In the step 409, the first hash function H 1PKI P by certification authority CA, signature identity of entity ID i, part PKI P iA string binary number of forming produces G 1In element h 0=H 1(P CA, ID i, P i);
In the step 410, utilize the element that obtains in the step 409, the private key cc of certification authority, the second hash function H 2Produce another part private key of signature entity
Figure GSB00000515198800212
Certification authority is passed to the signature entity with this private key, the latter with two parts private key in conjunction with generating signature private key (x i, d i);
Step 411 is utilized Function e, the checking equation
Figure GSB00000515198800213
Whether set up, if equation is set up, the signature entity is thought effectively, accept, otherwise, refusal;
Step 412 is chosen n and n ', and makes signing messages M ' and M be respectively M '=g n', M=g n, signature private key (x ' i, d ' i), and random number r ', information M ' wherein is different from M;
Step 413, utilization are chosen signature private key and are carried out the off-line signature, signature before generating respectively
Figure GSB00000515198800214
The message function
Figure GSB00000515198800215
And back signature
Figure GSB00000515198800216
Step 414, the signature entity need be found out a random number r, make Promptly Can obtaining under presence With the random number r that obtains, message M, signature passes to the signature verification entity together.
In the step 415, at first, calculate
Figure GSB00000515198800221
And h 1=H 1(P CA, ID i, P i); Secondly, checking equation
Figure GSB00000515198800222
Whether set up, set up, then think effectively, accept from the authentication signature, otherwise, refusal.Step 414 wherein only needs simple addition and multiplication, so computational efficiency is very high.
Fig. 5 has represented signature of the present invention and certifying signature device.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (3)

1. one kind produces and verification method based on the private key of authentication certainly of elliptic curve, the generally acknowledged CA of certification authority, and carry out between signature entity, signature entity U wherein iBe a set, i=1 wherein, 2 ..., n, the set of signature entity corresponding identity information is ID iI=1 wherein, 2 ..., n is characterized in that: this scheme particular content is as follows:
On elliptic curve, choose first circulation and add crowd G 1Take advantage of crowd G with second circulation 2, wherein, exponent number is big prime number p;
Choose a nonsingular bilinearity to mapping e, this mapping e is a kind of feasible bilinearity to mapping, satisfied can be by G 1In two element map obtain G 2In element;
Choose first circulation and add crowd G 1Generator g;
The residue class Z of picked at random mould p pIn an element α as the private key of CA, and produce P CA=g αAs the CA PKI;
The residue class Z of picked at random mould p pIn an element x iI=1 wherein, 2 ..., n is as U iThe part private key, and produce
Figure FSB00000515198700011
As signature entity U iThe part PKI;
Choose the first hash function H 1, can produce first circulation by the first string binary number and add crowd G 1In an element;
Choose the second hash function H 2, can produce residue class Z by the second string binary number pIn an element; Produce one first hash function value h 0=H 1(P CA, ID i, P i), and utilize it to produce The signature entity U that generates iSignature private key be (x i, d i), i=1 wherein, 2 ..., n; Whether the authenticity of certifying signature private key accepts to be decided by following proof procedure, and step is: confirm
Figure FSB00000515198700013
2. method according to claim 1 is characterized in that:
Described first circulation adds crowd G 1Be the module of the point in super unusual elliptic curve or the Abel family, crowd G is taken advantage of in described second circulation 2It then is the multiplicative group on the finite field.
3. according to each described method of claim 1-2, it is characterized in that,
Secret is chosen private key cc and the signature entity U of the CA of certification authority iPart private key x i, i=1 wherein, 2 ..., n produces the PKI P of the CA of certification authority CA=g αWith signature entity U iThe part PKI
Figure FSB00000515198700021
Functional value h 0Be to utilize P CA, ID i, P iAs input, by the first hash function H 1According to h 0=H 1(P CA, ID i, P i) produce;
Signature entity U iPart private key d iBe to utilize (ID i, P i), H 2, α is as importing according to formula
Figure FSB00000515198700022
Produce, and the CA of certification authority is with part private key d iPass to signature entity U i, with two part private keys in conjunction with generating signature entity U iSignature private key (x i, d i) and by the checking equation
Figure FSB00000515198700023
Verify.
CN2009100831841A 2009-05-07 2009-05-07 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature Expired - Fee Related CN101547099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100831841A CN101547099B (en) 2009-05-07 2009-05-07 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100831841A CN101547099B (en) 2009-05-07 2009-05-07 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature

Publications (2)

Publication Number Publication Date
CN101547099A CN101547099A (en) 2009-09-30
CN101547099B true CN101547099B (en) 2011-08-03

Family

ID=41194015

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100831841A Expired - Fee Related CN101547099B (en) 2009-05-07 2009-05-07 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature

Country Status (1)

Country Link
CN (1) CN101547099B (en)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102064940B (en) * 2009-11-13 2013-06-19 赵运磊 High-efficiency on-line/off-line digital signature method
CN101702807B (en) * 2009-11-16 2012-07-25 东南大学 Wireless security access authentication method
JP5697180B2 (en) * 2010-03-31 2015-04-08 イルデト カナダ コーポレーション System and method for protecting cryptographic assets from white box attacks
CN101977110B (en) * 2010-10-09 2012-08-29 北京航空航天大学 Group signature method based on elliptic curve
CN102164151B (en) * 2011-05-20 2013-06-26 北京理工大学 Bilinear-group-based cross-domain union authentication method
CN102769530A (en) * 2012-07-02 2012-11-07 赵运磊 Efficiently-calculated on-line/off-line digital signature method
CN103260001A (en) * 2013-04-03 2013-08-21 匡创公司 Self-authentication protective method used for multi-media
CN103746811B (en) * 2013-12-27 2017-01-25 西安邮电大学 Anonymous signcryption method from identity public key system to certificate public key system
CN104134066B (en) * 2014-08-08 2017-06-16 科进生物识别(深圳)有限公司 For the recognition methods of static signature
CN105187205B (en) * 2015-08-05 2018-05-15 北京航空航天大学 The authentication key agreement method and negotiating system based on level identity base without certificate
CN105406970B (en) * 2015-10-21 2019-03-12 浪潮电子信息产业股份有限公司 Method and device, the method and device of verifying signature of signature
CN105577373B (en) * 2015-12-15 2018-10-19 四川长虹电器股份有限公司 Identify the generation method of secret key
CN106452748A (en) * 2016-10-18 2017-02-22 西安电子科技大学 Multiple users-based outsourcing database audit method
SG10201701044SA (en) * 2017-02-09 2018-09-27 Huawei Int Pte Ltd System and method for computing private keys for self certified identity based signature schemes
CN106878011A (en) * 2017-02-27 2017-06-20 中国银联股份有限公司 A kind of key storage method and device
CN106972924B (en) * 2017-03-23 2020-06-23 联想(北京)有限公司 Method and device for encryption, decryption, electronic signature and verification signature
CN107784580B (en) * 2017-09-15 2020-10-27 数据通信科学技术研究所 Public and private key pair-based derived centerless digital currency transaction method
JP7101031B2 (en) * 2018-04-13 2022-07-14 株式会社bitFlyer Blockchain Blockchain network and confirmation method for it
CN108650097B (en) * 2018-04-28 2021-03-09 上海扈民区块链科技有限公司 Efficient digital signature aggregation method
CN108847933B (en) * 2018-06-26 2020-11-03 西安电子科技大学 SM9 cryptographic algorithm-based identification issuing method
CN109361645B (en) * 2018-08-23 2021-03-23 泰链(厦门)科技有限公司 Block chain task common authentication method, medium, device and block chain system
CN109687958A (en) * 2018-12-28 2019-04-26 全链通有限公司 A kind of design of art work certificate and verification method based on fidelity block chain
CN109784094B (en) * 2019-01-21 2023-05-30 桂林电子科技大学 Batch outsourcing data integrity auditing method and system supporting preprocessing
CN110175473B (en) * 2019-05-22 2022-12-27 西安电子科技大学 Digital signature method based on lattice difficulty problem
CN110324357B (en) * 2019-07-25 2021-09-24 郑州师范学院 Data sending method and device and data receiving method and device
CN110808833B (en) * 2019-11-12 2021-08-06 电子科技大学 Lightweight online and offline certificateless signature method
CN110896351B (en) * 2019-11-14 2022-07-26 湖南盾神科技有限公司 Identity-based digital signature method based on global hash
CN114760076B (en) * 2022-06-14 2022-09-09 江西财经大学 Heterogeneous industrial Internet of things authentication method based on multiple different public key cryptosystems

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1121219A (en) * 1994-03-31 1996-04-24 韩国电气通信公社 Method for exchanging authentication and signing electronic signature
CN1505313A (en) * 2002-11-29 2004-06-16 海南信安数据系统有限公司 Elliptic curve signature and signature verification method and apparatus

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1121219A (en) * 1994-03-31 1996-04-24 韩国电气通信公社 Method for exchanging authentication and signing electronic signature
CN1505313A (en) * 2002-11-29 2004-06-16 海南信安数据系统有限公司 Elliptic curve signature and signature verification method and apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李发根,胡予濮,李刚.一个高效的基于身份的签密方案.《计算机学报》.2006,第29卷(第9期),2752-2758. *
王尚平,侯红霞,李敏.基于椭圆曲线的前向安全数字签名方案.《计算机工程与应用》.2006,(第18期),第150-151,206页. *

Also Published As

Publication number Publication date
CN101547099A (en) 2009-09-30

Similar Documents

Publication Publication Date Title
CN101547099B (en) Elliptical curve-based method and elliptical curve-based device for self-authenticating signature
Zhang et al. A new certificateless aggregate signature scheme
CN110912708B (en) Ring signature generation method based on SM9 digital signature algorithm
CN108551392B (en) Blind signature generation method and system based on SM9 digital signature
CN102387019B (en) Certificateless partially blind signature method
CN101667913B (en) Authenticated encryption method and encryption system based on symmetric encryption
CN1937496A (en) Extensible false name certificate system and method
CN109450640B (en) SM 2-based two-party signature method and system
CN106487786B (en) Cloud data integrity verification method and system based on biological characteristics
CN109861826B (en) Method and device for realizing bidirectional proxy re-signature
Ng et al. Universal designated multi verifier signature schemes
CN104767611A (en) Signcryption method from public key infrastructure environment to certificateless environment
CN115174056B (en) Chameleon signature generation method and chameleon signature generation device based on SM9 signature
Pang et al. Efficient and secure certificateless signature scheme in the standard model
CN113162773A (en) Heterogeneous blind signcryption method capable of proving safety
Li et al. Constructions of certificate-based signature secure against key replacement attacks
CN117879833A (en) Digital signature generation method based on improved elliptic curve
Wang et al. A non-interactive deniable authentication scheme based on designated verifier proofs
CN109618348B (en) Method and device for realizing one-way proxy re-signature
Xiong et al. Strong security enabled certificateless aggregate signatures applicable to mobile computation
Yang et al. Certificateless universal designated verifier signature schemes
CN114285576B (en) Non-opposite online and offline signcryption method
Zhang et al. Strong designated verifier signature scheme resisting replay attack
CN114065233A (en) Digital signature aggregation method for big data and block chain application
Thanalakshmi et al. A quantum resistant universal designated verifier signature proof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110803

Termination date: 20120507